Ejemplo n.º 1
0
        /// <summary>
        /// The entry point for all AuthProvider providers. Runs inside the AuthService so exceptions are treated normally.
        /// Overridable so you can provide your own Auth implementation.
        /// </summary>
        /// <param name="authService"></param>
        /// <param name="session"></param>
        /// <param name="request"></param>
        /// <returns></returns>
        public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
        {
            var tokens = Init(authService, ref session, request);

            //Default OAuth logic based on Twitter's OAuth workflow
            if (!tokens.RequestToken.IsNullOrEmpty() && !request.oauth_token.IsNullOrEmpty())
            {
                OAuthUtils.RequestToken          = tokens.RequestToken;
                OAuthUtils.RequestTokenSecret    = tokens.RequestTokenSecret;
                OAuthUtils.AuthorizationToken    = request.oauth_token;
                OAuthUtils.AuthorizationVerifier = request.oauth_verifier;

                if (OAuthUtils.AcquireAccessToken())
                {
                    session.IsAuthenticated  = true;
                    tokens.AccessToken       = OAuthUtils.AccessToken;
                    tokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

                    return(OnAuthenticated(authService, session, tokens, OAuthUtils.AuthInfo)
                           ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))); //Haz Access
                }

                //No Joy :(
                tokens.RequestToken       = null;
                tokens.RequestTokenSecret = null;
                authService.SaveSession(session, SessionExpiry);
                return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))));
            }
            if (OAuthUtils.AcquireRequestToken())
            {
                tokens.RequestToken       = OAuthUtils.RequestToken;
                tokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
                authService.SaveSession(session, SessionExpiry);

                //Redirect to OAuth provider to approve access
                return(authService.Redirect(AccessTokenUrlFilter(this, this.AuthorizeUrl
                                                                 .AddQueryParam("oauth_token", tokens.RequestToken)
                                                                 .AddQueryParam("oauth_callback", session.ReferrerUrl))));
            }

            return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "RequestTokenFailed"))));
        }
Ejemplo n.º 2
0
        public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
        {
            var tokens = Init(authService, ref session, request);

            //Transferring AccessToken/Secret from Mobile/Desktop App to Server
            if (request.AccessToken != null && request.AccessTokenSecret != null)
            {
                tokens.AccessToken       = request.AccessToken;
                tokens.AccessTokenSecret = request.AccessTokenSecret;

                var validToken = AuthHttpGateway.VerifyTwitterAccessToken(
                    ConsumerKey, ConsumerSecret,
                    tokens.AccessToken, tokens.AccessTokenSecret,
                    out var userId,
                    out var email);

                if (!validToken)
                {
                    return(HttpError.Unauthorized("AccessToken is invalid"));
                }

                if (!string.IsNullOrEmpty(request.UserName) && userId != request.UserName)
                {
                    return(HttpError.Unauthorized("AccessToken does not match UserId: " + request.UserName));
                }

                tokens.UserId           = userId;
                session.IsAuthenticated = true;

                var failedResult = OnAuthenticated(authService, session, tokens, new Dictionary <string, string>());
                var isHtml       = authService.Request.IsHtml();
                if (failedResult != null)
                {
                    return(ConvertToClientError(failedResult, isHtml));
                }

                return(isHtml
                    ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
                    : null); //return default AuthenticateResponse
            }

            //Default OAuth logic based on Twitter's OAuth workflow
            if (!tokens.RequestTokenSecret.IsNullOrEmpty() && !request.oauth_token.IsNullOrEmpty())
            {
                if (OAuthUtils.AcquireAccessToken(tokens.RequestTokenSecret, request.oauth_token, request.oauth_verifier))
                {
                    session.IsAuthenticated  = true;
                    tokens.AccessToken       = OAuthUtils.AccessToken;
                    tokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

                    return(OnAuthenticated(authService, session, tokens, OAuthUtils.AuthInfo)
                           ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))); //Haz Access
                }

                //No Joy :(
                tokens.RequestToken       = null;
                tokens.RequestTokenSecret = null;
                this.SaveSession(authService, session, SessionExpiry);
                return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))));
            }
            if (OAuthUtils.AcquireRequestToken())
            {
                tokens.RequestToken       = OAuthUtils.RequestToken;
                tokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
                this.SaveSession(authService, session, SessionExpiry);

                //Redirect to OAuth provider to approve access
                return(authService.Redirect(AccessTokenUrlFilter(this, this.AuthorizeUrl
                                                                 .AddQueryParam("oauth_token", tokens.RequestToken)
                                                                 .AddQueryParam("oauth_callback", session.ReferrerUrl)
                                                                 .AddQueryParam(Keywords.State, session.Id) // doesn't support state param atm, but it's here when it does
                                                                 )));
            }

            return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "RequestTokenFailed"))));
        }
Ejemplo n.º 3
0
        public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
        {
            var tokens = Init(authService, ref session, request);

            //Transfering AccessToken/Secret from Mobile/Desktop App to Server
            if (request.AccessToken != null && request.AccessTokenSecret != null)
            {
                session.IsAuthenticated = true;

                long userId;
                if (request.UserName != null && long.TryParse(request.UserName, out userId))
                {
                    tokens.UserId = userId.ToString();
                }

                tokens.AccessToken       = request.AccessToken;
                tokens.AccessTokenSecret = request.AccessTokenSecret;

                var authResponse = OnAuthenticated(authService, session, tokens, new Dictionary <string, string>());
                if (authResponse != null)
                {
                    return(authResponse);
                }

                var isHtml = authService.Request.ResponseContentType.MatchesContentType(MimeTypes.Html);
                return(isHtml
                    ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
                    : null); //return default AuthenticateResponse
            }

            //Default OAuth logic based on Twitter's OAuth workflow
            if (!tokens.RequestToken.IsNullOrEmpty() && !request.oauth_token.IsNullOrEmpty())
            {
                OAuthUtils.RequestToken          = tokens.RequestToken;
                OAuthUtils.RequestTokenSecret    = tokens.RequestTokenSecret;
                OAuthUtils.AuthorizationToken    = request.oauth_token;
                OAuthUtils.AuthorizationVerifier = request.oauth_verifier;

                if (OAuthUtils.AcquireAccessToken())
                {
                    session.IsAuthenticated  = true;
                    tokens.AccessToken       = OAuthUtils.AccessToken;
                    tokens.AccessTokenSecret = OAuthUtils.AccessTokenSecret;

                    return(OnAuthenticated(authService, session, tokens, OAuthUtils.AuthInfo)
                           ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))); //Haz Access
                }

                //No Joy :(
                tokens.RequestToken       = null;
                tokens.RequestTokenSecret = null;
                this.SaveSession(authService, session, SessionExpiry);
                return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))));
            }
            if (OAuthUtils.AcquireRequestToken())
            {
                tokens.RequestToken       = OAuthUtils.RequestToken;
                tokens.RequestTokenSecret = OAuthUtils.RequestTokenSecret;
                this.SaveSession(authService, session, SessionExpiry);

                //Redirect to OAuth provider to approve access
                return(authService.Redirect(AccessTokenUrlFilter(this, this.AuthorizeUrl
                                                                 .AddQueryParam("oauth_token", tokens.RequestToken)
                                                                 .AddQueryParam("oauth_callback", session.ReferrerUrl))));
            }

            return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "RequestTokenFailed"))));
        }